Hi.

We have something similar already covered, but your payload is original for
sure. We'll probably include it as a standard one. Will let you know.

Kind regards,
Miroslav Stampar

On Thu, Jul 26, 2012 at 11:02 AM, whp <[email protected]> wrote:

> Hi list/developer
>
> I stumbled over this type of injection while doing a pentest and thought of
> implementing this kind of injection in sqlmap (I call it
> "error-based-blind-injection"):
>
> The Webapp replied with "success" if the statement was correct, regardless of
> the number of returned rows (the rows actually were fetched in a subsequent
> request), and with an empty response if the statement failed. So the attack was
> identified the following way (it is an Oracle DB):
>
> param=' and to_char(1/0) like '1 --> empty response because 1/0 is a division by zero error
> param=' and to_char(1/1) like '1 --> success
>
> Now I had to find a workaround to get sqlmap to identify this injection (it
> only identified a time based blind, but I wanted a _fast_ attack)
>
> My solution:
> prefix= ' and to_char(1/(case (select 'a' from dual where 1=1
> suffix=  ) when 'a' then '1' else '0' end)) like '1
>
> Now my question: is it possible to get this attack in sqlmap as a standard
> attack - or is there an easier way to configure sqlmap?
>
> Additionally, the Oracle "order by" clause injection via a case-statement would
> be interesting.
>
> Your opinions/suggestions?
>
> Chris
> --
> whp_at_pohlcity_dot_de
>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm
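
Added example, not part of the original thread and not sqlmap code: a defender-side check that flags the probing pattern described in the quoted message, where one client sends division-based conditions after a quote break and the response toggles between "success" and empty. The record format, field order, addresses and threshold are assumptions; the sample records are constructed from the strings quoted above.

```python
import re
from collections import defaultdict

# Constructed sample records: (client, parameter value, response body length).
# The record layout is an assumption, not a real log format.
SAMPLE = [
    ("192.0.2.10", "widget", 7),
    ("192.0.2.20", "' and to_char(1/0) like '1", 0),   # division by zero -> empty
    ("192.0.2.20", "' and to_char(1/1) like '1", 7),   # valid statement -> "success"
    ("192.0.2.20", "' and to_char(1/(case (select 'a' from dual where 1=1 ) "
                   "when 'a' then '1' else '0' end)) like '1", 7),
    ("192.0.2.30", "o'brien 1/2 size", 7),              # benign quote and slash
]

# A quote break, then AND/OR, then a division whose divisor is a literal
# digit or a parenthesised CASE expression.
PROBE = re.compile(r"'\s*(?:and|or)\b.*?\d\s*/\s*(?:\d|\(\s*case\b)", re.I | re.S)


def is_probe(value):
    """True if the parameter value matches the division-as-condition shape."""
    return bool(PROBE.search(value))


def suspicious_clients(records, min_hits=2):
    """Return {client: hit count} for clients whose matching requests
    produced both empty and non-empty responses."""
    hits = defaultdict(list)
    for client, value, body_len in records:
        if is_probe(value):
            hits[client].append(body_len == 0)
    flagged = {}
    for client, empties in hits.items():
        toggles = any(empties) and not all(empties)
        if len(empties) >= min_hits and toggles:
            flagged[client] = len(empties)
    return flagged


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

On the database side the same activity shows up as repeated ORA-01476 (divisor is equal to zero) errors from the application account, which is worth correlating with the flagged clients.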